diff --git a/config/ns-edk2-optee.yaml b/config/ns-edk2-optee.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..73bdc55c6997b7b02ad678e901adf91536966708
--- /dev/null
+++ b/config/ns-edk2-optee.yaml
@@ -0,0 +1,41 @@
+# Copyright (c) 2023, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+ Brings together a software stack to demonstrate OPTEE in secure EL1
+ with TF-A in secure EL3 but without FF-A and secure EL2(Hafnium).
+ Secure partition dispatcher exists inside OPTEE.
+
+concrete: true
+
+layers:
+ - ns-edk2.yaml
+ - optee-base.yaml
+
+build:
+ tfa:
+ params:
+ BL32: ${artifact:OPTEE_HDR_BIN}
+ BL32_EXTRA1: ${artifact:OPTEE_PAGER_BIN}
+ BL32_EXTRA2: ${artifact:OPTEE_PAGEABLE_BIN}
+ SPD: opteed
+ ARM_TSP_RAM_LOCATION: tdram
+ dt:
+ build:
+ # When using the default fvp-base-revc.dts, an overlay is added which
+ # adds extra properties that OPTEE requires to enable OPTEE driver
+ # in the kernel.
+ - if [ "$${DTS}" = "fvp-base-revc.dts" ]; then
+ - >-
+ OVERLAY="/ {
+ firmware {
+ optee {
+ compatible = \"linaro,optee-tz\";
+ method = \"smc\";
+ };
+ };
+ };"
+ - ( dtc -q -O dts -I dtb $${DTB_FINAL} ; echo -e "$${OVERLAY}" ) | dtc -q -O dtb -o $${DTB_FINAL}
+ - fi
diff --git a/config/optee-base.yaml b/config/optee-base.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e01d97c189fdab382778121a80838c401a40052e
--- /dev/null
+++ b/config/optee-base.yaml
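Review bot: The `dt` build step rewrites `$${DTB_FINAL}` in place with no failure handling: in `( dtc ... $${DTB_FINAL} ; echo -e "$${OVERLAY}" ) | dtc ... -o $${DTB_FINAL}` the `;` means the overlay text is still piped on when the first `dtc` fails, and the path is expanded unquoted. A failure here would most likely surface only at boot, as a missing or damaged `optee` node and the kernel OP-TEE driver not probing. I would chain with `&&`, quote the path and write to a temporary file first, e.g. `( dtc -q -O dts -I dtb "$${DTB_FINAL}" && printf '%s\n' "$${OVERLAY}" ) | dtc -q -O dtb -o "$${DTB_FINAL}.tmp" && mv "$${DTB_FINAL}.tmp" "$${DTB_FINAL}"`. `echo -e` is also unnecessary, since the overlay holds no escape sequences once the shell has processed `\"`, and it prints a literal `-e` under shells whose `echo` lacks that option.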
@@ -0,0 +1,37 @@
+# Copyright (c) 2024, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+ This provides the baseline for OPTEE 64-bit build.
+
+build:
+ optee:
+ repo:
+ remote: https://github.com/OP-TEE/optee_os.git
+ revision: 4.2.0
+
+ toolchain: aarch64-linux-gnu-
+
+ params:
+ CFG_ARM_GICV3: y
+ CFG_ARM64_core: y
+ CFG_CALLOUT: y
+ CFG_CORE_HEAP_SIZE: 131072
+ CFG_DEBUG_INFO: y
+ CFG_NOTIF_TEST_WD: y
+ CFG_TEE_CORE_LOG_LEVEL: 2
+ CFG_USER_TA_TARGETS: ta_arm64
+ CROSS_COMPILE: aarch64-linux-gnu-
+ CROSS_COMPILE_core: aarch64-linux-gnu-
+ CROSS_COMPILE_ta_arm64: aarch64-linux-gnu-
+ DEBUG: 0
+ PLATFORM: vexpress-fvp
+ build:
+ - make O=${param:builddir} ${param:join_equal} all
+
+ artifacts:
+ OPTEE_HDR_BIN: ${param:builddir}/core/tee-header_v2.bin
+ OPTEE_PAGER_BIN: ${param:builddir}/core/tee-pager_v2.bin
+ OPTEE_PAGEABLE_BIN: ${param:builddir}/core/tee-pageable_v2.bin
diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim
index bf3beb977d5ee7c6f88f8f63a761569969a3f50c..3ede36976482892c455292abb463b1475356c37e 100644
--- a/docker/Dockerfile.slim
+++ b/docker/Dockerfile.slim
@@ -109,9 +109,7 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb
 mtools \
 netcat-openbsd \
 ninja-build \
- python3-cryptography \
 python3-pip \
- python3-pyelftools \
 python3-serial \
 python-is-python3 \
 rsync \
@@ -122,6 +120,10 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb xterm \ xz-utils \ zlib1g-dev +RUN pip3 install \ + cryptography \ + pyelftools + # Install packages requried by EDK2. # From https://developer.arm.com/documentation/102571/0100/Build-firmware-on-a-Linux-host.
diff --git a/test/test.py b/test/test.py
index edf93e67421a3312489868028b9ced6d602ce60a..6bf64c944391eb81da17d74384b9f17f07573b70 100755
--- a/test/test.py
+++ b/test/test.py
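Review bot: `revision: 4.2.0` pins OP-TEE by tag name, and a tag can be moved upstream, so this file does not fix the exact source that ends up in the BL32 images (`tee-header_v2.bin`, `tee-pager_v2.bin`, `tee-pageable_v2.bin`). If the `revision` field accepts a commit id (not visible in this diff), pin the full SHA and keep the tag as a comment: `revision: <COMMIT_SHA_OF_4.2.0>  # 4.2.0`. Separately, `CFG_DEBUG_INFO: y` and `CFG_NOTIF_TEST_WD: y` appear to be debug/test options. A short comment above `params:` saying that this baseline targets the FVP demo stack and is not a hardened configuration would keep it from being copied as one.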
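Review bot: The added `RUN pip3 install cryptography pyelftools` in the second Dockerfile hunk installs whatever versions PyPI serves at build time, whereas the removed `python3-cryptography` and `python3-pyelftools` came from the distribution archive at distro-fixed versions. That makes the image non-reproducible and widens the supply-chain exposure of the build container. Pin exact versions, e.g. `RUN pip3 install --no-cache-dir cryptography==<PINNED_VERSION> pyelftools==<PINNED_VERSION>`, or install from a requirements file with `--require-hashes`. The diff does not say why the apt packages were dropped; presumably a newer version is needed, and a comment above the `RUN` stating that would help.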
@@ -49,6 +49,14 @@ CONFIGS = [
 },
 'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
 },
+ {
+ 'config': 'ns-edk2-optee.yaml',
+ 'btvars': {},
+ 'rtvars': {
+ 'default': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS},
+ },
+ 'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
+ },
 {
 'config': 'ffa-tftf.yaml',
 'btvars': {},